Firewall Wizards mailing list archives

Dynamic execution of a script on arrival of a packet

From: Alex Ongena <Alex.Ongena () able be>
Date: 30 Oct 2002 15:14:41 +0100

Hi,

I'am using Linux 2.4.19 and iptables.
I'am looking to make a thing like:
- by default, everything is denied in the Firewall.
- on arrival of a packet, a 'script' (ex. perl) is
  called that evaluates some packet details (like
  Source IP, Protocol, Port, date and time of
  arrival, etc..) and can decides to 'add an
  iptable rule on the fly' to accept this and
  future packets.
- another script can be runned by cron to remove
  iptable entries when applicable.

The advantage of this script could be that 'acceptance'
criteria can be determined more flexible
(for example, checking a database with the relation
IP <-> User at a certain moment in time)

I know that one has to prevent for DoD with Packet
Flooding, but that can be handled with the iptables
--limit extension.

Thanks for any help
alex
PS: I'am new to this list, does there exist a searchable
archive ?

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

Current thread:

Dynamic execution of a script on arrival of a packet Alex Ongena (Oct 30)
- Re: Dynamic execution of a script on arrival of a packet Sigurd Urdahl (Oct 31)